This assessment was issued to clients of Dragonfly’s Security Intelligence & Analysis Service (SIAS) on 29 March 2023.
Chinese officials said earlier this month that Beijing needs to ‘move faster toward greater self-reliance’. China is most likely to target firms operating in key technology sectors, such as semiconductors, telecommunications, advanced engineering and artificial intelligence.
Since China’s reopening in early 2023 several of our clients have asked us about the tactics and targeting of Chinese industrial espionage. There is incomplete data on this issue. But open source reporting suggests that Chinese intelligence officers mostly direct these, though private foreign and Chinese citizens are often involved. The number of reported China-related espionage cases has significantly increased over the past two decades. And acquiring commercial technology makes up the majority (51%) of recently reported espionage cases.
Chinese state agencies are likely to intensify their operations in the wider Asian region in the medium term. With more firms operating in sensitive sectors having reduced their presence in mainland China, Chinese threat actors will need to target companies abroad.
Key technologies are likely to be more easily accessible in countries such as South Korea, Japan, Europe and Southeast Asia compared to the US due to them having comparatively fewer safeguards. Chinese state-owned or controlled entities are likely to use both illegitimate and legitimate means such as investments and acquisitions to achieve this.
Industrial espionage is likely to focus on several key industries. The graphic below, sets out those in which China intends to quickly develop self-sufficiency, as stated in the country’s 14th Five Year Plan and the Made in China 2025 Plan.
Foreign technology firms in these sectors are likely to be of particular interest to Chinese state and private threat actors this year. The Chinese government has made significant progress in developing its self-sufficiency in key areas. But in the face of further export controls on China’s national security industries by the US and its allies over the past year, Beijing is likely to intensify its focus on military or intelligence related technologies. This includes specific engineering parts for aviation, missiles, ships and supercomputers as well as software for encryption, big data analysis and artificial intelligence.
China’s state agencies have an established capability to access and collect highly sensitive or secret information. The government agency that is most likely to conduct the majority of industrial espionage against civilian targets is the Ministry of State Security (MSS). The MSS operates domestically and internationally and reports to the highest levels of the country’s party-state. It remains well-resourced and has been involved in several espionage cases to develop the country’s self-sufficiency in key technologies.
MSS and other agencies are also likely to use non-intelligence officers to access IP. Private actors have played a predominant role in industrial espionage. There is often no clear delineation between the public and private sectors in China. Previous incidents suggest that China uses a ‘military-civil’ fusion between private companies, public universities, military and security agencies to build its economy and military. At least 15 public universities in China have been involved in cyberattacks, illegal exports or espionage, press reporting suggests.
Chinese businesses and other private actors are also likely to try to gain an economic advantage by stealing IP or technology. But their capabilities are more limited than those of state actors. The Chinese government rarely punishes its citizens’ economic espionage, at least in strategic sectors. This is also probably because it often sees such activities to be in its wider state interest. Many perpetrators avoid prosecution in foreign countries and return to China or they directly conduct espionage activities there. This includes competitors hiring third parties to conduct surveillance, cyber operations or blackmail to obtain data.
Industrial espionage is often carried out using a trusted insider or through cyber attacks. Based on open source data on recent cases, the Chinese state agencies frequently follow a similar pattern. The majority of recruitment or engagement with human sources has taken place in China. This has included people that have lived, worked or visited the PRC. Below we outline the common tactics used by Chinese threat actors to acquire commercial technology and confidential information.
This is based on a handful of cases reported by the FBI and a US-based think tank.
Image: Guards walk by a display of military hardware at an exhibition highlighting Chinese President Xi Jinping’s years as leader as part of the upcoming 20th Party Congress in Beijing, China, on 12 October 2022. Photo by Kevin Frayer via Getty Images.
Be the first to receive our articles, news and insight on global risk, industry trends and what's new at Dragonfly